Facebook Glitch Raises Privacy Concerns

Facebook's acknowledgement that it mistakenly exposed 6 million members' telephone numbers and e-mail addresses to unauthorized viewers is the latest example of IT security incidents creating mistrust of corporations and governments.

"A majority of Americans aren't happy or comfortable about the collection and use of their personal information, and they have mixed feelings about whether they can trust that their information is being used responsibly," Marci Kaminsky, a senior vice president at Allstate Insurance, said earlier this month when the insurer issued a survey demonstrating Americans' anxiety about online privacy.

The survey reveals that 85 percent of Americans believe it's likely that information about their communications history, such as phone calls, e-mails and Internet use, is available for businesses, government, individuals and other groups to access without their consent. Ninety percent of the 1,000 respondents say they have less privacy than earlier generations and expect that situation to get worse.

And it's not just Americans who are jittery about losing privacy. A survey released June 24 by Big Brother Watch, a British civil liberties website, shows that more than three-quarters of more than 10,000 interview respondents from nine industrialized, non-North American countries are concerned about their online privacy.

But IT security and privacy lawyer Ronald Raether says being concerned doesn't necessarily mean individuals take appropriate actions to safeguard their privacy. "Awareness is certainly increasing, but in terms of the populace being educated to make the right security choice, they are not," says Raether, a partner at Faruki Ireland & Cox in Dayton, Ohio.

Technical Glitch

In a Facebook blog, posted June 21, the social media company attributes the data leaks to a technical malfunction in its huge archive of contact information collected from its 1.1 billion users. Because of the glitch, which started in 2012, Facebook users who downloaded contact information for their list of friends received additional information that they were not supposed to obtain.

Facebook says users who downloaded the archive of their account through its "download your information" tool might have been provided with e-mail addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but it was inadvertently included with the contacts of the person using the tool.

In nearly every instance, Facebook says, an e-mail address or telephone number was only exposed to one person. No financial or other types of personal information were exposed.

Facebook says the bug was fixed within 24 hours after it was discovered, and there's no evidence that the glitch had been exploited maliciously. "It's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," Facebook says in the blog.

Paying Attention to Consumers

After years of complaints from members about its privacy policies, Facebook has made strides in giving users more controls over their own privacy decisions, says the Brookings Institution's Allan Friedman. But the glitch unveiled this past week hasn't helped Facebook's reputation.

"Facebook thought they were doing a service by collecting all this information; of course, they benefited from it as well," says Friedman, research director of Brookings' Center for Technology Innovation. "You have to pay attention to how your users think their data is used [or] ... you're going to lose trust."

Raether, the attorney, says companies must work harder to make privacy more user-friendly for their customers by reducing legal jargon and technicalities and putting in place measures to help guide consumers in making smart privacy decisions.

"Facebook has done a good job at that; they may not have implemented [adequate privacy protections] in this particular instance, but they've certainly done a good job trying to educate their users and put out their tools that can more easily allow consumers to make choices about their privacy settings," he says.

When it comes to social media, Raether says, the ultimate responsibility rests with consumers who must decide how much of their own information they want to surrender in a world where privacy is a precious and rare commodity.
